package work.chenxr.security.controller;

import lombok.AllArgsConstructor;
import org.springframework.http.MediaType;
import org.springframework.http.ResponseEntity;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RestController;
import work.chenxr.security.service.UserService;

/**
 * @Author Chenxr
 * @Date 2023/10/23
 * @Description 安全控制器
 */
@RestController
@AllArgsConstructor
public class SecurityController {
    private final UserService userService;

    @PostMapping(value = "/login", produces = MediaType.APPLICATION_JSON_VALUE)
    public ResponseEntity<?> login(@RequestBody String login) {
        Object vo = userService.loginByUsername(login);
        return ResponseEntity.ok(vo);
    }

    //@PreAuthorize("hasAuthority('menu:save')")
    @PreAuthorize("hasAnyAuthority('user:list','user:save','user:update','user:delete')")
    @PostMapping(value = "/user", produces = MediaType.APPLICATION_JSON_VALUE)
    public ResponseEntity<?> user() {
        return ResponseEntity.ok("SUCCESS");
    }


    //@PreAuthorize("hasRole('BOSS')")
    @PreAuthorize("hasAnyRole('ADMINISTRATOR', 'PRODUCT_MANAGER', 'DEVELOPER', 'TESTER')")
    @PostMapping(value = "/role", produces = MediaType.APPLICATION_JSON_VALUE)
    public ResponseEntity<?> role() {
        return ResponseEntity.ok("SUCCESS");
    }
}
